1. Introduction
The APM Group Limited (“APMG”, “us”, “we”, “our”) is committed to protecting and respecting your data privacy. We want you to know how we use and protect your personal information. This includes informing you of your rights regarding your personal information that we hold.
This Privacy Policy sets out how we may use, process and store your personal data. Personal data is any information that can be used to identify or be reasonably associated with a specific person.
We need your personal data in order to deliver contractual/legal obligations you may have with us or our business partners or to allow us to provide you our services. In other cases, we will collect that information from you with your permission and consent.
Where APMG provides services to you on its own behalf (such as when you use our websites or purchase an examination from us), APMG is the “Controller” for all the personal data collected.
Where APMG is issuing a SFIA digital badge via the Credly platform, on behalf of a SFIA Licensed Assessment Partner, APMG is the "Processor" for the digital administration and the Licensed Partner responsible for your assessment and certification is the "Controller".
2. Laws and Regulations
The laws that govern personal data in the UK are:
- the Data Protection Act 2018 and
- the United Kingdom General Data Protection Regulation (UK GDPR)
- the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (EU GDPR).
The independent authority that upholds information rights in the public interest in the United Kingdom is the Information Commissioner’s Office (the “ICO”). Further information can be found at https://ico.org.uk.
Our registration details with the ICO are as follows:-
- The APM Group Limited Z6934466
Please note these regulations apply to all APMG offices and to everyone we do business with who have access to personal information through APMG. These regulations are not restricted to UK citizens.
3. Company Details
This is APMG’s registered address, company number and contact information:
The APM Group Limited
Sword House
Totteridge Road
High Wycombe
Buckinghamshire
HP13 6DG
Email: dataprivacy@apmgroup.co.uk
Phone: +44 (0) 1494 452450
Our EU office is:-
APMG Benelux
Unit 1.15 BusinessCenter Sputnik
Sputnik 20
3824 MG Amersfoort
If you have questions, comments, or complaints about this Privacy Policy, please contact us using the details above.
4. Personal information we may collect from you
APMG may collect information from you because we have a legal reason (allowed by law or under contract) to collect the information, or because you have consented for us to do so for a specific purpose, or we have a legitimate interest.
Information you give us
You may give us information about you with your consent or as required for you to use our services, for example:
- Information you provide to create an account with us
- The forms, emails, and other communications that you send us or otherwise contribute, such as support inquiries or posts to our message boards or forums. Please be aware that information on public parts of our websites and online platforms is available to others
- Your marketing preferences
- Information you share with us in connection with surveys or promotions
- Information you share with us by applying for a job at APMG
- Information you submit to us at a conference, exhibition or online event
This information may be personal, financial, educational, or related to your employment history.
Sometimes we require you to provide us with information for legal reasons, such as to enter into a contract with us, when you are buying exams, assessments or other goods or services from us, or when you are applying for a job at APMG.
If you are a trainer, facilitator or invigilator accredited or approved by APMG, the Trainer, Facilitator, Invigilator Data Protection Statement, outlining the processing of your data, is available on the APMG Network and/or via your sponsoring ATO.
Information obtained from other sources
If you purchase an APMG exam from one of our business partners or training providers, they may provide us with certain personal information about you (such as your name and email address) to allow us to provide services to you. The privacy policy of the applicable business partner / training provider will control how they use your information and share this information with us. Make sure you are comfortable with their privacy terms by reviewing their privacy policy.
If you have earned a SFIA digital badge through one of our Licensed Partners, they may provide us with certain personal information (such as your name and email address) to allow us to provide the services to you.
Information obtained from your use of our services
When you use our services, we collect information about your activity on and interaction with our websites and/or online platforms, such as your IP address, your device and browser type, your preferences, the web page you visited prior to coming to our website and/or online platform, and information about how you interact with our websites and/or online platforms.
Some of this information is collected automatically using cookies and similar technologies when you use our services. You can read more about our use of cookies in Section 5 below.
Websites and Online Platforms usage information
We use a third-party service, Google Analytics, to collect standard website performance information. This information is processed in a way that it does not identify individuals. Web usage information is collected by our web server and from other sources including search engines, internet service providers, page tagging techniques including JavaScript, and cookies. We use IP addresses to analyse trends, track users' movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.
If you visit one of our websites or use one of our online platforms, we may automatically collect information about you, for example:
- IP addresses
- Information about the technology you use to connect to our website and/or online platform
- What parts of our website or online platform you click on and how long you look at our website or online platform.
As well as the information that you provide, we receive and store a range of website and online platform usage information whenever you use one of our websites or online platforms. If we want to collect personal information, we will be clear and specific why we require this information and ask you to opt-in.
We use this to:
- assess the effectiveness of marketing campaigns
- develop and deliver services and information that better meet your needs
- inform you of events, services, and products which we believe to be relevant to you, where you have consented to be contacted for such purposes.
We also use Matomo to track website use trends using anonymous IP addresses. This raw data is kept for 24 months to create reports but is not attributable to an individual.
Live Chat Services (APMG Live Chat)
This service allows you to chat live with us or one of our support agents in order to facilitate your navigation of any of our websites or online platforms.
APMG use the chat function of Chatlio,1329 N 47th ST #31231, Seattle, WA 98107, USA.
Messages and other information entered into the Chatlio chat window by yourself and/or APMG or its sub-contractors are sent to APMG via Slack, a service of Slack Inc., 500 Howard Street, San Francisco, CA 94105, United States. Chatlio uses cookies to identify recurring visitors and uses your location data to provide an indication as to where you are from to our support team.
We collect and process personal information about you with your consent and/or as necessary to perform our contractual obligations, provide our services, meet our legal obligations, protect the security of our systems, or fulfil other legitimate interests. When engaging in a live chat session with one of our support agents or staff members, APMG, Slack and Chatlio may store the following information:
- Name
- Email Address
- Candidate Number (if applicable)
- Browser
- Operating System
- Page URL on which a chat was initiated
- Local Time
- Location
- Agent Ratings
- Any other personal information you may provide in your messages to us
By using our live chat, you agree to Chatlio's and Slack’s methods of storage and use of data. For further information, please refer to the privacy policy of Chatlio: https://chatlio.com/legal/privacy-policy and Slack: https://slack.com/privacy-policy.
APMG Technical Helpdesk
Support calls are recorded to ensure that end user’s data security and rights are not breached during a support call. These recordings are removed after 90 days. It is in the legitimate interests of the individual for us to have a recording of such events so that we can investigate any claims of misconduct or unsatisfactory service.
APMG Communications
APMG use an email/marketing automation platform to send communications to our accredited organisations and trainers and newsletters to newsletter list recipients. We collect and process information about you if you sign up on our website to receive newsletters or provide consent to receive marketing in the candidate portal. You can withdraw your consent to receive newsletters at any time by clicking on unsubscribe in the newsletter or by changing your marketing preferences in the candidate portal
APMG may also send communications to candidates to ask for feedback after they have sat an exam in order for us to gain insight on how we can improve our services. Survey responses are captured using Survey Monkey https://uk.surveymonkey.com/mp/legal/privacy/
APMG uses the automated platform Mailchimp.
Mailchimp is an online marketing platform operated by The Rocket Science Group LLC, a company headquartered in the State of Georgia in the United States. For further information, refer to their Privacy Policy at https://mailchimp.com/legal/privacy/
Social Media Campaigns
APMG runs social media campaigns using third party platforms to record media, edit and host. These platforms include LinkedIn and YouTube. Participants of social media campaigns have provided APMG with consent to capture their images and testimonials and edit these for various campaigns.
5. Cookies
Our websites (including apmg-international.com, apmg-businessbooks.com and ppp-certification.com) and online platforms (including the APMG Learning Platform and the APMG Candidate Portal) puts small files (known as “cookies”) onto your computer to collect information about how you use our site.
Cookies are used to:
- measure how you use the website / online platform so it can be updated and improved based on your needs
- remember the notifications you’ve seen so we don’t show them to you again
APMG websites and online platforms do not use cookies to identify you personally, but to gain useful knowledge about how the site is used so we can keep improving it for our users.
You will normally see a message appear on the site before we store a cookie on your computer.
Find out more about how to manage cookies by visiting www.aboutcookies.org or www.allaboutcookies.org.
How we use cookies on our websites
Measuring website usage
APMG websites and online platforms use Google Analytics to collect data that we use to improve your experience of our sites and platforms.
The cookies we use on websites are:
Name | Purpose | Duration |
---|---|---|
_ga | Used to distinguish users. | 2 year |
_gid | Used to distinguish users. | 24 hours |
_gat | Used to throttle request rate. | 1 minute |
AMP_TOKEN | Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service. | 30 seconds to 1 year |
_gac_<property-id> | Contains campaign related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt out. Learn more. | 90 days |
Read the Google Analytics privacy document (available at https://support.google.com/analytics/answer/6004245) for more details about the data collected by Google Analytics. To opt out from Google Analytics visit: https://tools.google.com/dlpage/gaoptout
Our Introductory Message
Our Introductory Message
We are legally obliged to tell you that we use cookies on our sites and online platforms and gain your consent to their use. We do this via a pop-up message when you first visit our website or online platform. We store a cookie on your computer so that we know that you have acknowledged the pop-up and the site knows not to show it again:
Name | Purpose | Duration |
---|---|---|
cookie-agreed | Records whether or not the cookie’s notification pop-up has been acknowledged by the user | 11 months |
Content Management System
We use the Drupal content management system on our websites and online platforms, which also sets a number of cookies:
has_js | Allows the website to determine whether your browser is javascript compatible | Browser session |
---|---|---|
SESSxxxx | Used to determine whether the user is already logged on to the site | 23 Days |
How we use cookies on our online platforms
For further information on the use of Cookies on all APMG-International online platforms please see APMG Cookie Policy
Google AdWords
Google Analytics allows us to record information about the page a user has seen on our website, for example the URL of the page. The Google Analytics JavaScript libraries use HTTP Cookies to "remember" what a user has done on previous pages / interactions with the website.
Important: Google Analytics does not store any personal information about website users. Please refer to the Google Analytics privacy document for more details.
Information about how visitors can opt out of Google’s use of cookies can be seen at Google’s Ads Settings.
Third Party Cookies
First-party cookies are those that we set for our websites and online platforms; third party cookies are cookies that originate from different websites. We do not control the setting of third-party cookies, so if you are concerned you should check the policy on the third-party website.
An example of a third-party website we use is YouTube. We have a number of videos on apmg-international.com and although we own (or have permission to use) them, the video content is actually streamed from YouTube. You may therefore receive a YouTube cookie if you view one of our videos.
6. Children
We believe in protecting the privacy of children. In line with this belief, we do not knowingly collect or maintain personal information from persons under 16 years of age, for our public examinations, and no part of any of our websites or online platforms is directed at persons under 16 years of age. If you are under 16 years of age, then please do not use or access our websites or online platforms at any time or in any manner. We will take appropriate steps to delete any personal information of persons less than 16 years of age, if it was provided directly by them.
If you are a parent or legal guardian or carer (responsible adult) and believe your child has given us information, you can contact us at dataprivacy@apmgroup.co.uk, and we will take appropriate steps to investigate and address the issue.
If you are under the age of 16 and have sat one of our examinations, as part of an agreement between a training organisation and your school, APMG processes your data with consent from your parent, guardian or carer (Responsible Adult) and does not transfer your data to any third party apart from the Scheme Owner that owns the qualification in question (if applicable – see Section 10 below for further information).
If you are a parent, guardian or carer (Responsible Adult) who has signed an application form authorising the delivery of examination services to a candidate under the age of 16, APMG will retain your personal information (as provided in the application form) for a period of 5 years from completion of the application form so that we retain a record of consent for all children aged between 13-16 until such time they reach an age that parental, guardian or carer consent is no longer required.
Please note that, should the parent, guardian or carer (Responsible Adult) withdraw their consent, APMG will stop processing the personal data of the candidate under the age of 16 and therefore will be unable to verify any certification awarded to that candidate.
7. Why does APMG collect personal information?
APMG collects information for some or all of following reasons:
- To provide services to you, for example:
- information that identifies you, such as your name, username and email address
- to allow you to register and sit an examination with us
- to deliver online training you purchased from us or one of our business partners / training providers
- after you have taken one of our educational certifications/ qualifications, to manage your certification, including validation of your certification/qualification by us
- to provide you with any of the services available via our websites and/or online platforms.
- To provide information about products or services you have shown interest in purchasing within a reasonable time afterwards, if you are an existing APMG customer.
- To provide information to you about products or services you have purchased from us, or related products or services.
- To provide information to you about our products and services if you have consented to receive it.
- To employ you or consider you for employment.
- To provide goods or services to you under contract.
- For legal reasons, for example, if you have entered into a contract with us.
8. What legal basis does APMG have for processing my information?
APMG may process your information because:
- We have a contract with you;
- You have given us permission to do so;
- We must provide services to you after you have purchased something from us or one of our business partners;
- We must provide services to you because you have taken one of our qualifications;
- To comply with the law.
All these are reasons APMG may legally process the information we have about you.
9. Where we store your personal data
We primarily store and process your personal data in the UK and EU/European Economic Area (“EEA”). If we do transfer your personal data outside the UK or EEA it will be because you have consented or because we have a legal reason to do so. Your data may also be processed by staff (who work for us) operating outside the EEA all of whom are covered by this policy.
Some examples of reasons your data may be processed outside the UK and EEA include:
- Order fulfilment
- Payment processing
- Technical support services
- Live Chat services.
If your personal data cannot be processed within the UK and EEA, we will:
- Comply with all other data protection principles;
- Where possible, process it in a country that is on the list of the UK Commissioners’ countries that provide adequate protections for the rights and freedoms of data subjects;
- Make sure we have assessed the adequacy of protections in all other cases.
APMG will also transfer your personal information to the owner of the scheme qualification you have chosen to undertake and our business partner(s) from whom you have purchased our services (if any). Please see Section 10 below for more details.
By using our services, or submitting your personal data, you agree to this transfer, storing and/or processing.
10. Who might we share your information with?
APMG may share your personal information with third parties, either because you have consented to allow us to do so or for a legitimate purpose or to comply with the law. For example, we may share your personal information with:
- The training organization who provided training to you before you took an examination (for example, to share your examination result or to deal with a complaint);
- A scheme owner who provides an online platform for training and/or additional resources for a training course you have enrolled in;
- Our group companies, which means our subsidiaries, or our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006;
- With third parties because you have given consent;
- With third parties who provide shipping or publishing services because you have purchased goods or services;
- On our Successful Candidate Register if you have consented;
- Subcontractors and third parties for the purpose of the performance of a contract we hold with them or that we hold with you for a service you have chosen. They only receive data needed to provide their services to us and are required to use such data only in order to perform the services we have hired them to do (unless otherwise required by law). We have agreements with our service providers that say that they cannot use any of this data for their own purposes or for the purposes of another third party. A list of these organisations can be found here https://apmg-international.com/copyright-legal-policies.
Please note some of these organisations may be located outside UK and/or EEA, for example:
- Taking an on-line exam at home or in the office via ProctorU
- This service allows you to take an online exam from the comfort of your own home or office with online proctoring. We use a third party supplier, ProctorU, to provide this service. Their privacy policy can be seen here https://www.proctoru.com/privacy-policy For APMG test-takers, ProctorU retain any recordings from the exam session for 7 months, in line with the APMG appeals period, and other data is retained for 1 year from the last interaction with the test-taker.
- Taking an on-line exam at home or in the office via APMG In Person Proctoring (AIPP)
- This service allows you to take an online exam from the comfort of your own home or office using the APMG proctors, where your organisations level of security prevents you installing the software required to be proctored via ProctorU. APMG use Zoom https://explore.zoom.us/en/privacy/ and Calendly https://calendly.com/privacy as the platform and scheduling mechanism for proctoring the exam. APMG does not record the exam sessions.
- Obtaining a digital badge and certificate via Credly
- This service allows successful candidates and SFIA badge recipients to claim a digital badge to embed on an email signature, website, social media or a digital CV. Successful candidates and those claiming SFIA badges following assessment by a SFIA Licensed Assessment Partner are required to register and accept their digital badge on Credly. A digital certificate will also be available on their personal account of successful candidates only, SFIA badges do not have a digital certificate. Each certificate has a unique verifiable link built into it allowing individuals, teams, managers and employers to quickly validate any certificate presented electronically. Candidates can also print their own certificate on demand from their Credly account. Their privacy policy can be seen here https://www.youracclaim.com/privacy
- IP owners of the APMG qualification you have chosen to undertake. Please note that some Scheme Owners are based outside the UK and/or EEA as shown in the table below (if required, each organisation has its own Privacy Policy published on their website, links to which can be found on the product pages) Where APMG transfers data outside the UK and EEA, we have implemented appropriate safeguards to protect your data:
Product | Owner | Location | ||||||
---|---|---|---|---|---|---|---|---|
AAB Scheme (Aerospace Auditors) | EAQG | US | ||||||
Agile Business Consortium Scrum Master & Product Owner | Agile Business Consortium | UK | ||||||
AgileBA, Agile DS, AgilePgM, AgilePM, & AgilePM for Scrum | Agile Business Consortium | UK | ||||||
Agile Change Agent | Agile Change Management Limited | UK | ||||||
Analytics Translations | GoDataDriven | EEA | ||||||
APMG Lean IT | APMG | UK | ||||||
APMP & Micro Certifications | APMP | US | ||||||
Artificial Intelligence | BCS | UK | ||||||
Artificial Intelligence Practitioner | Cyber Skills | UK | ||||||
ASL | Van Haren Rights B.V. | EEA | ||||||
Better Business Cases | HM Treasury/Welsh Treasury | UK | ||||||
Business Case Development for Infrastructure Projects (BDIP) | HM Treasury/Welsh Treasury | UK | ||||||
Better Business Cases (If booked through New Zealand) | New Zealand Treasury | New Zealand | ||||||
BiSL | Van Haren Rights B.V. | EEA | ||||||
BRMP & CBRM | BRM Institute | US | ||||||
Business Agility Works | Agile Business Consortium | UK | ||||||
Business Resilience | Professional Resilience | UK | ||||||
CCP | NCSC | UK | ||||||
CDCAT | DSTL / Ploughshare / APMG | UK | ||||||
Certificate of Cloud Auditing Knowledge | ISACA | US | ||||||
Certificate in Operational Risk Management (CORM) | The Institute of Operational Risk (IOR) | UK | ||||||
Certified Data Privacy Solutions Engineer | ISACA | US | ||||||
Certified in Emerging Technology | ISACA | US | ||||||
Certified in the Governance of Enterprise IT | ISACA | US | ||||||
Certified Information Systems Auditor | ISACA | US | ||||||
Certified Information Security Manager | ISACA | US | ||||||
Certified Local Change Agent (CLCA) | APMG (CMI) | Australia | ||||||
Certified Medical Device Auditor (CMDA) | Johner Institut GmbH | EEA | ||||||
Certified Professional Technical Communicator | STC (Society for Technical Communication) | US | ||||||
Certified Public-Private Partnerships Professional (CP3P) | APMG/World Bank | US | ||||||
Certified in Risk and Information Systems Control | ISACA | US | ||||||
Chain of Responsibility – Lead Auditor | Auditor Training Services Pty Ltd | Australia | ||||||
Change Management | APMG (CMI) | Australia | ||||||
Clear Path to Cash Professional | Cash Flow Mike | US | ||||||
Cloud Computing | NAVICA | US | ||||||
Climate-Resilient Infrastructure Officer | Global Center on Adaption | EEA | ||||||
COBIT 5 and COBIT 2019 | ISACA | US | ||||||
Critical Communication Capability | TSO | UK | ||||||
Customs Clearance Agent | The British Chamber of Commerce | UK | ||||||
Cyber Essentials | Capula | UK | ||||||
Data Literacy Fundamentals | Cybiant | EEA | ||||||
Data Science with Python | GoDataDriven | EEA | ||||||
Digital Information Design (DID) | Van Haren Rights B.V. | EEA | ||||||
DNV Auditor Competence | DNV | EEA | ||||||
DTMethod | InProgress Design Labs | EEA | ||||||
Earned Value | APM | UK | ||||||
Enterprise Big Data | The Big Data Framework BV | EEA | ||||||
Experience Collab | TSO | UK | ||||||
Facilitation | Resource Developing Business by Developing People | UK | ||||||
FitSM | IT Education Management Organization e.V. (ITEMO e.V.), | EEA | ||||||
Forest Garden Certification (FGC) | Trees for the Future | US | ||||||
Half Double | Half Double Institute | EEA | ||||||
House of PMO- Essentials for PMO Suite | House of PMO | UK | ||||||
IAITAM | IAITAM | US | ||||||
Information and Cyber Security Foundation | CIISec | UK | ||||||
Information Technology Certified Associate | ISACA | US | ||||||
International Project Management Association (IPMA) | APM (UK) and IPMA (Netherlands) | EK/EEA | ||||||
ISO/IEC 20000 | APMG | UK | ||||||
ISO/IEC 27001 | APMG | UK | ||||||
IS0 37000 Governance of Organisations | FluidRock Governance Academy | South Africa | ||||||
IT Risk Fundamentals | ISACA | US | ||||||
Lean IT Association | APMG (in association with LITA) | UK | ||||||
Lean Green Belt | LSSA / APMG | EEA/UK | ||||||
Lean Six Sigma | LSSA / APMG | EEA/UK | ||||||
Managing Benefits | APMG | UK | ||||||
Model Based System Engineering | Learning Tree US | US | ||||||
NCSP Specialist certifications | ITSM Solutions | US | ||||||
Neuroscience for Change | Sparkling Performance Ltd / Agile Change Management Ltd | UK | ||||||
NSCS Certified Training | NCSC | UK | ||||||
NCSP Specialisms, NIST Cyber Security Professional | ITSM Solutions | US | ||||||
OpenSM | IN.SI Srl | EEA | ||||||
Organizational Behaviour Management | OBM Dynamics BV | EEA | ||||||
PM4SD | FEST | EEA | ||||||
PPS | APMG | UK | ||||||
Praxis | Praxis Framework Limited | UK | ||||||
Private Brand Fundamentals | Daymon | US | ||||||
Process Communication | KCF | EEA | ||||||
Project Analytics | Projecting Success | UK | ||||||
Project Canvas | Antonio Nieto-Rodriguez | EEA | ||||||
Project Planning & Control (PPC) | APM | UK | ||||||
PS Professional | Positive Momentum | UK | ||||||
PuMP Certification | Stacey Barr Pty Ltd | Australia | ||||||
Robotic Process Automation | SAF Alliance | EEA | ||||||
Service Automation Framework (SAF) | SAF Alliance | EEA | ||||||
Site Reliability Engineering (SRE) | Xebia Nederland B.V. | EEA | ||||||
Sourcing Governance Foundation (SGF) | APMG (IAOP) | UK | ||||||
Stakeholder Engagement | APMG | UK | ||||||
STAR Method | Notion Limited | UK | ||||||
Strategy Implementation Professional | Strategy Implementation Institute | Singapore | ||||||
Technology Business Management | Learning Tree US | US | ||||||
Telehealth Service Implementation Model | TSO | UK | ||||||
Unified Service Management (USM) | SURVUZ Foundation | EEA | ||||||
WISP | New View Management BV | EEA |
Other reasons APMG may share your personal information with a third party
If APMG or substantially all of its assets are acquired by a third party, personal data held by APMG about its customers will be one of the transferred assets of the company.
In addition, APMG will share your personal data with third parties for the following reasons:
- If we are under a duty to disclose or share your information in order to comply with any legal obligation,
- To enforce or apply our Website Terms of Use, Terms and Conditions of Sale, or other agreements
- To protect our rights, property, or safety, our users, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- For audit purposes by National Accreditation Bodies i.e. UKAS, by whom we are accredited.
Aggregated or anonymized data with personal information removed
APMG may, from time to time, provide third parties with data that has been aggregated or anonymized. This means that personal information that could be used to identify you has been removed from the data. An example of this may be how many candidates have taken an exam in a country.
Data provided to third parties in this way is not personal data; however, we do respect your right to object to your data being used in this way.
Access to your stored personal data via password
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site or online platform, you are responsible for keeping that password confidential. We ask you not to share passwords with anyone.
Transmission and storage of your personal data
Unfortunately, the transmission of information via the internet is not completely secure. Although we have technical and organisational measures in place to protect your data, we cannot guarantee the security of your data as it is transmitted and stored.
Transmission and storage of your personal data
Unfortunately, the transmission of information via the internet is not completely secure. Although we have technical and organisational measures in place to protect your data, we cannot guarantee the security of your data as it is transmitted and stored.
11. How long will we keep your personal information?
APMG will not retain your personal information for longer than required.
We will keep your personal information:
- For as long as required by law
- Until we no longer have a valid reason for keeping it
- Until you request us to stop processing it
We will retain personal data collected for as long as required to do what we say we will in this policy, unless a longer retention period is required by law.
We may keep just enough of your personal information to ensure that we comply with your requests not to use your personal information or comply with your right to erasure. For example, we must keep your request to be erased, even if it includes your personal data, as an audit trail that requests are dealt with in accordance with UK GDPR.
If you have questions about our Data Retention Policy. Please contact: dataprivacy@apmgroup.co.uk
If you have visited an APMG website and/or registered for an online event
Purpose of Collection | Data Category | Data Collected | Purpose for Collection | Lawful basis for processing | Provided by | Data shared with? | Retention Period |
---|---|---|---|---|---|---|---|
To provide information to you | Web users sales leads data | Name, address, email, phone number | To provide information about training courses that you have requested | Contractual fulfilment (art 6. (1) (b)) | Data subject | Training companies | For as long as it is required to provide the service |
Service/ product development |
Web user
Survey responses |
Name, email address, phone number, country | To develop services and products to meet the expectations and requirement of our customers | Consent (art 6. (1) (b)) | Data subject | Campaign partners named in the campaign | Until you unsubscribe from the service |
Service/ product development | Event attendee | Name, email address | To promote our products and services | Consent (art 6. (1) (b)) | Data subject | Campaign partners named in the campaign | Until you unsubscribe from the service |
Service/ product development | Campaign subscriber | Name, email address | To promote our products and services | Consent (art 6. (1) (b)) | Data subject | Campaign partners named in the campaign | Until you unsubscribe from the service |
If you have sat an exam with APMG
Purpose of Collection | Data Category | Data Collected | Purpose for Collection | Lawful Basis for Processing | Provided by | Data Shared with | Retention Period |
---|---|---|---|---|---|---|---|
To provide information to you | Web users sales leads data | Name, email address, phone number | To provide information about training courses that you have requested |
Contractual fulfilment
(art 6 (1) (b)) |
Data Subject | Training Companies | 2 years |
Service / product development | Web user Survey responses | Name, email address, phone number, country |
To develop services and products to meet the
expectations and requirement of our customers. |
Consent (art 6.(1) (a)) | Data Subject | None | 2 years |
Transactional Information | Candidate | Name* | To provide examination services to an individual |
Contractual fulfilment
(art 6 (1) (b)) |
Training Company in order to register
candidate for the exam, or data subject for public exams |
External Proctor, digital badge provider and scheme owners |
For as long as is required to verify certification**
Can only be amended by APMG |
Email address* | To send notification emails to an individual |
Contractual fulfilment
(art 6 (1) (b)) |
Training Company in order to register
candidate for the exam, or data subject for public exams |
External Proctor, digital badge provider and scheme owners |
For as long as is required to verify certification**
Can be changed at any time by the candidate in the portal |
||
Address* | As an alternative method of communication |
Contractual fulfilment
(art 6 (1) (b)) |
Data subject | Country only with external Proctor, and scheme owners |
For as long as is required to verify certification**
Can be changed at any time by the candidate in the portal |
||
Telephone number* | To follow up regarding provision of examination services |
Contractual fulfilment
(art 6 (1) (b)) |
Data subject | External Proctor, and scheme owners |
For as long as is required to verify certification**
Can be changed at any time by the candidate in the portal |
||
Candidate/
Session ID |
Unique Identifier created by the candidate portal |
Contractual fulfilment
(art 6 (1) (b)) |
APMG | External Proctor, and scheme owners |
For as long as is required to verify certification**
Cannot be changed |
||
Memorable word* | To verify identity in case of candidate queries | Legitimate interests (art 6.(1) (f)) | Data subject | None |
For as long as is required to verify certification**
Can be changed at any time by the candidate in the portal |
||
Memorable date* | To verify identity in case of candidate queries | Legitimate interests (art 6.(1) (f)) | Data subject | None |
For as long as is required to verify certification**
Can be changed at any time by the candidate in the portal |
||
Company | For research purposes | Legitimate interests (art 6.(1) (f)) | Data subject | External scheme owners |
For as long as is required to verify certification**
Can be changed at any time by the candidate in the portal |
||
Industry Sector* | For research purposes | Legitimate interests (art 6.(1) (f)) | Data subject | External scheme owners |
For as long as is required to verify certification**
Can be changed at any time by the candidate in the portal |
||
Successful Candidate Register preference | To add the candidate to the online Successful Candidate Register, if they choose | Consent (art 6 (1) (a)) | Data subject | None |
For as long as is required to verify certification**
Can be changed at any time by the candidate in the portal |
||
Consent preferences for
Marketing from APMG |
To communicate with you about our other products | Consent (art 6 (1) (a)) | Data subject | None | Candidate can change preference at any time | ||
Consent preferences for
Marketing from scheme owner |
To communicate with you about their other products | Consent (art 6 (1) (a)) | Data subject | None | Candidate can change preference at any time | ||
Accredited Training
Organisation, if applicable |
Details of the training company and trainer providing the training to verify accredited training for booking exams |
Contractual fulfilment
(art 6 (1) (b)) |
Training Company | External scheme owner |
For as long as is required to verify certification**
Cannot be changed |
||
Exam and Level | Details of the exam being sat |
Contractual fulfilment
(art 6 (1) (b)) |
Training Company, or data subject for public exams | External scheme owner |
For as long as is required to verify certification**
Cannot be changed |
||
Exam Results | The exam score and pass/fail status |
Contractual fulfilment
(art 6 (1) (b)) |
APMG | External scheme owner |
For as long as is required to verify certification**
Can only be changed by APMG in the event of a successful appeal |
||
Exam Certificate (if candidate passes exam) | Digital certificates (for exams sat prior to 2021) |
Contractual fulfilment
(art 6 (1) (b)) |
APMG | None |
For as long as is required to verify certification**
Cannot be changed |
||
E-certificate and
digital badge (if candidate passes exam) |
Link to claim digital badge and e-certificate |
Contractual fulfilment
(art 6 (1) (b)) |
APMG | External badge provider (only if claimed by the data subject) |
For as long as is required to verify certification**
Cannot be changed |
||
Medical Information | In support of adjustments or accommodations required, due to medical reasons, during the exam | Legal obligation (art 6.(1) (c) and art 9(2)(e) substantial public interest (condition 6 of the DPA 2018 Part 2 Schedule1)) | Training Company, or data subject for public exams | None | 7 months from the certification decision date to align with our appeals period | ||
Transactional information | Parent, guardian, carer (responsible adult) | Name* | Evidence of consent to process data of children under the aged of 13-16 | Consent (art 6 (1) (a)) | Training Company | None | 5 years to provide evidence of consent until all ages reach 18*** |
Service/ product development | Candidate | Feedback on services provided | For research purposes and to improve the services we provide | Consent (art 6.(1) (a)) | Candidate | Only aggregated anonymised data shared | 6 months, after which it is anonymised |
*mandatory field
**unless the candidate exercises their right to erasure, however this does void their certification(s).
***if a parent, guardian or carer withdraws consent for us to process the personal data of a child under the agree of 16, we will stop processing and will be unable to verify the certification.
Note 1:- The data is only shared with an external proctor if the candidate sits an online proctored exam, and the data is only shared with external scheme owners if the exam sat is owned by an external scheme owner, in accordance with the table in section 10.
Note 2:- If the candidate is under the age of 16 they do not receive a digital badge and their data is not shared with an external badge provider. We do not publish their data on the Successful Candidate Register and we also do not send marketing materials to under 16’s so their marketing preference is automatically defaulted to not receive marketing.
For schemes that are course only and have no exam, course details will be reported to APMG via an online form, for the purpose of invoicing, and may include personal data. This information will be stored securely for 7 years
If you have attended a course only
Purpose of Collection | Data Category | Data Collected | Purpose for Collection | Lawful basis for processing | Provided by | Data Shared with? | Retention Period |
---|---|---|---|---|---|---|---|
Transactional information | Course only delegates | Name, email address, | To invoice for training courses attended | Legitimate interests (art 6.(1) (f)) | Training provider | None | 7 Years |
If you have made a purchase from the APMG Store
Purpose of Collection | Data Category | Data Collected | Purpose for Collection | Lawful basis for processing | Provided by | Data Shared with? | Retention Period |
---|---|---|---|---|---|---|---|
Transaction information | APMG Store customers | Name, email address, phone number | To deliver the product purchased | Contractual fulfilment (art 6.(1) (b)) | Data subject | Courier companies | Until you delete your account |
APMG Store customers | Payment card details | To charge for the product purchased | Contractual fulfilment (art 6.(1) (b)) | Data subject | Third party payment company | Not retained by APMG | |
APMG Store customers | Name, email address, phone number | To provide a receipt for the product purchased | Contractual fulfilment (art 6.(1) (b)) | Data subject | None | 7 years |
If you are a user of one of our online portals
Purpose of Collection | Data Category | Data Collected | Purpose for Collection | Lawful basis for processing | Provided by | Data Shared with? | Retention Period |
---|---|---|---|---|---|---|---|
Transaction information | CDCAT Portal Users | Name, email address, phone number | To provide access to the tool | Contractual fulfilment (art 6.(1) (b)) | Data subject | None | For as long as is required to provide the service |
CDCAT Assessors | Name, email address, company | To provide access to the tool to conduct assessments | Contractual fulfilment (art 6.(1) (b)) | Data subject | None | For as long as is required to provide the service | |
CDCAT Assessments | Name, company* | To conduct assessments | Contractual fulfilment (art 6.(1) (b)) | Assessors | None | For as long as is required to provide the service |
12. THE USE OF AUTOMATED DECISION-MAKING
APMG uses automated decision-making when marking candidate exam answers. For online and paper based exams, the exam is either marked directly by the online exam portal, or the answer sheets are scanned and marked by our exam system. The provisional results are provided to the candidates before APMG officially releases them. The marking algorithm is one mark per correct answer and the pass or fail result is determined by the minimum pass score for each product, which can be found on the individual product pages. Candidates can contact APMG direct to express their opinion and contest the decision, requesting human intervention to manually mark their exam answers. Alternatively, if they attended training via one of our training companies, their training company can make this request to APMG on their behalf. Upon request, APMG will manually mark the exam and issue a decision. The APMG decision from manually marking the exam will be final.
13. SECURITY
Once we no longer require information, we securely destroy it. We use commercially reasonable technical, organizational, and administrative measures to protect our Services against unauthorized or unlawful access or processing and against accidental loss, theft, disclosure, copying, modification, destruction, or damage. Nonetheless, we cannot guarantee that transmissions of your information will always be secure or that unauthorized third parties will never be able to defeat the security measures taken by us or our service providers. You should not share your user name, password, or other security information for your account with anyone. If you have reason to believe that your interaction with us is no longer secure (e.g., if you feel that the security of any account you might have with us has been compromised), please contact us immediately as detailed in section 15, below.
14. What if I chose not to give you my personal information?
If the personal information is necessary in order to supply goods or services to you under a contract between you and APMG or via one of our business partners, then we will not enter into that contract or provide the services or goods if you do not give us your personal information.
15. Controlling your personal information
Where you have consented to receive communications from us or are currently receiving material relating to our products or services, you may at any time ask us to cease sending you such material by contacting us.
We will not sell, distribute or lease your personal information to third parties.
APMG International is a subsidiary of The APM Group Limited. You may request details of personal information which we hold about you under the GDPR. If you would like a copy of the information held on you please contact our Data Protection Officer via dataprivacy@apmgroup.co.uk or write to:
F.A.O. Data Protection Officer
APM Group Ltd
Sword House
Totteridge Road
High Wycombe
Buckinghamshire
HP13 6DG
16. Your Rights
APMG will respect your legal rights to your data.
Below are the rights that you have under law, and what APMG does to protect those rights:
Legal right | What APMG does to protect your rights | ||
---|---|---|---|
The right to be informed | APMG is publishing this Privacy Notice to keep you informed about what we do with your personal information. We strive to be transparent about how we use your data. | ||
The right to access | You have the right to access your information. Please contact APMG’s Data Protection Manager at dataprivacy@apmgroup.co.uk if you wish to obtain a copy of the personal information APMG holds about you. | ||
The right to rectification | If the information APMG holds about you is inaccurate or incomplete, you have the right to ask us to rectify it. If that data has been passed to a third party with your consent or for legal reasons, then we must also ask them to rectify the data. Please contact us at: dataprivacy@apmgroup.co.uk. If you have an account with us via our Candidate Portal, you may also update your personal information by logging into your profile page. | ||
The right to erasure |
This is sometimes called ‘the right to be forgotten’. If you want APMG to erase all your personal data and we do not have a legal reason to continue to process and hold it, please contact us at: dataprivacy@apmgroup.co.uk
Please note that by exercising this right it may affect the ability to verify your qualifications.
|
||
The right to restrict processing | You have the right to ask APMG to restrict how we process your data. This means we are permitted to store the data but not further process it. We keep just enough data to make sure we respect your request in the future. If you want us to restrict processing of your data, please contact: dataprivacy@apmgroup.co.uk | ||
The right to data portability | APMG must allow you to obtain and reuse your personal data for your own purposes across services in a safe and secure way without affecting the usability of your data. If you want information on how to port your data elsewhere: please contact dataprivacy@apmgroup.co.uk. This right only applies to personal data that you have provided to us as the Data Controller. The data must be held by us by consent or for the performance of a contract. | ||
The right to object | You have the right to object to APMG processing your data even if it is based on our legitimate interests, the exercise of official authority, direct marketing (including data aggregation), and processing for the purposes of statistics. If you wish to object please contact: dataprivacy@apmgroup.co.uk | ||
The right to withdraw consent | If you have given us consent to process your data but change your mind as you have the right to withdraw your consent at any time, APMG must stop processing your data. If you want to withdraw your consent, please contact: dataprivacy@apmgroup.co.uk. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. | ||
The right to complain to a Supervisory Authority | You have the right to complain to the ICO if you feel that APMG has not responded to your requests in a reasonable time to solve a problem. their contact details can be found here: https://ico.org.uk/concerns/. Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries (including the US and Canada) are available at https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. |
If you have any issues or concerns or just want to provide feedback regarding this Privacy Notice, or any of APMG’s data processing activities, please contact the Data Protection Officer at dataprivacy@apmgroup.co.uk
17. Links to Other Websites
Our websites and online platforms may contain links to other websites. Anonymous visit or session information may be passed to other websites for the web usage information purposes described above. None of this information can be related to an individual user of the website. The operators of other sites may collect information from you, which will be used by them in accordance with their own terms and conditions, and privacy policies.
This privacy notice applies only to our websites and online platforms. We are not responsible for privacy practices within any other website. You should always be aware of this when you leave this website and we encourage you to read the privacy statement on all other websites that you visit.
18. Changes to Our Privacy Policy
We may update or amend this Privacy Policy from time to time, to comply with law or to meet our changing business requirements. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. Any updates or amendments will be posted on the APMG International website. We encourage you to review the APMG International website regularly for the latest information on our privacy practices. By continuing to access our websites and/or online platforms or using any of our services, your access and use will be subject to these updates and amendments.